The backstory: News trickled out recently that Dropbox might have been compromised, because people who use an email address solely for Dropbox were getting spammed at it. Dropbox called in a third party to do an analysis, and the above post outlines what was found.

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

Reusing passwords is bad. Seriously, don’t do it, and don’t let family and friends do it. Invest in a password vault, like 1Password, which I use (h/t to Rich @rmanalan for this advice years ago); yeah, it’s inconvenient, but so is losing your email account, then watching your bank account empty.